author | Nayna Jain <nayna@linux.ibm.com> | 2018-12-09 01:57:00 +0530 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2018-12-12 22:02:54 -0500 |
commit | 60740accf78494e166ec76bdc39b7d75fc2fe1c7 (patch) | |
tree | a6793622667cca9eb606cbc098808bc8753524cc /security/integrity/platform_certs | |
parent | 9dc92c45177ab70e20ae94baa2f2e558da63a9c7 (diff) | |
integrity: Load certs to the platform keyring
The patch refactors integrity_load_x509(), making it a wrapper for a new
function named integrity_add_key(). This patch also defines a new
function named integrity_load_cert() for loading the platform keys.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/platform_certs')
-rw-r--r-- | security/integrity/platform_certs/platform_keyring.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/security/integrity/platform_certs/platform_keyring.c b/security/integrity/platform_certs/platform_keyring.c
index 79f80af5b470..bcafd7387729 100644
--- a/security/integrity/platform_certs/platform_keyring.c
+++ b/security/integrity/platform_certs/platform_keyring.c
@@ -14,6 +14,29 @@
 #include <linux/slab.h>
 #include "../integrity.h"
+/**
+ * add_to_platform_keyring - Add to platform keyring without validation.
+ * @source: Source of key
+ * @data: The blob holding the key
+ * @len: The length of the data blob
+ *
+ * Add a key to the platform keyring without checking its trust chain. This
+ * is available only during kernel initialisation.
+ */
+void __init add_to_platform_keyring(const char *source, const void *data,
+ size_t len)
+{
+ key_perm_t perm;
+ int rc;
+
+ perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
+
+ rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
+ perm);
+ if (rc)
+ pr_info("Error adding keys to platform keyring %s\n", source);
+}
+
 /*
 * Create the trusted keyrings.
 */ |
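Review bot: The failure branch at the end of add_to_platform_keyring() discards `rc` and reports only at info level, so a certificate that fails to load leaves no record of why and is easy to miss in a boot log filtered to warnings. Because the function returns void, that log line is the only signal that the platform keyring is missing a key; any later signature check that depends on that key would presumably fail with nothing pointing back here. I would log the code and raise the level: `pr_warn("Error adding keys to platform keyring %s (rc=%d)\n", source, rc);`. Since the kernel-doc says no trust chain is checked, it should also state that callers must pass only firmware-provided blobs, as the `__init` restriction is the only gate visible in this hunk. integrity_load_cert() is defined outside this hunk, so whether it rejects a NULL or zero-length `data` cannot be confirmed from here.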